Pavlos Lamprakis Human or malware ? Detection of malicious Web requests
نویسنده
چکیده
Nowadays covert command and control (C&C) communication channels are built using the HTTP/HTTPS protocol, mainly because it is rarely blocked as well as malicious traffic can hide inside huge amounts of daily benign browsing traffic. This thesis addresses the problem of identifying malicious Web traffic and more specifically, post-infection traffic (C&C communication). We have built a system to facilitate network traces’ analysis by combining different existing tools. We collected and classified a large number of benign and malicious network traces. Using this system, we performed an extensive analysis of these traces and found common patterns occurring in them. Based on our analysis, we found that C&C communication can be reliably detected by representing the dependencies of HTTP/HTTPS traffic in a graph and complementing missing links. As a result, C&C traffic stands out as unconnected nodes. We applied different classifiers on the graph and found that a Gradient Boosting classifier can detect C&C traffic with 99% precision and 97% recall.
منابع مشابه
Unsupervised Detection of APT C&C Channels using Web Request Graphs
HTTP is the main protocol used by attackers to establish a command and control (C&C) channel to infected hosts in a network. Identifying such C&C channels in network traffic is however a challenge because of the large volume and complex structure of benign HTTP requests emerging from regular user browsing activities. A common approach to C&C channel detection has been to use supervised learning...
متن کاملFeature-based Malicious URL and Attack Type Detection Using Multi-class Classification
Nowadays, malicious URLs are the common threat to the businesses, social networks, net-banking etc. Existing approaches have focused on binary detection i.e. either the URL is malicious or benign. Very few literature is found which focused on the detection of malicious URLs and their attack types. Hence, it becomes necessary to know the attack type and adopt an effective countermeasure. This pa...
متن کاملAnomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in ...
متن کاملDyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
متن کاملAn On-Line Learning Statistical Model to Detect Malicious Web Requests
Detecting malicious connection attempts and attacks against web-based applications is one of many approaches to protect the World Wide Web and its users. In this paper, we present a generic method for detecting anomalous and potentially malicious web requests from the network’s point of view without prior knowledge or training data of the web-based application. The algorithm assumes that a legi...
متن کامل